Analysis
max time kernel: 152s
max time network: 204s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 15:33
Behavioral task: behavioral1
Sample: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
Resource: win10v2004-20221111-en
General
Target: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
Size: 26KB
MD5: 6387a78b7714abd5e1b5f55cf4da2f40
SHA1: 2783163d35684dd37cea3b47a31038612f0427b4
SHA256: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c
SHA512: b4e8136023c7fcf628c58cb514597d8ca510084296bb5cc3450cd3a3a853a4114ab556e0bee57a0e75cf71d858d3fec83edc219c9cee49c006f9fed927d50c98
SSDEEP: 768:tn9opvGMutW+7Qta+dK+5DUod7COE9tzf/7:tngeW+ctaSK+5wtOkb7
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/3864-133-0x0000000074DF0000-0x0000000074E05000-memory.dmp | upx
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1632 wrote to memory of 3864 | 1632 | rundll32.exe | 82
PID 1632 wrote to memory of 3864 | 1632 | rundll32.exe | 82
PID 1632 wrote to memory of 3864 | 1632 | rundll32.exe | 82
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll,#1
   Suspicious use of WriteProcessMemory
   PID: 1632
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1632)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll,#1
      PID: 3864